Skip to main content

Installbuilder

6 CVEs product

Monthly

CVE-2022-31694 HIGH This Week

InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Installbuilder
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2021-22038 HIGH This Week

On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Installbuilder
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-22037 HIGH This Week

Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Installbuilder
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3979 HIGH This Week

InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Installbuilder
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3946 HIGH This Week

InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Installbuilder
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-5530 HIGH This Week

Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Installbuilder
NVD
CVSS 3.0
7.8
EPSS
0.9%
EPSS 0% CVSS 7.3
HIGH This Week

InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Installbuilder
NVD
EPSS 1% CVSS 8.8
HIGH This Week

On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Installbuilder
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Installbuilder
NVD
EPSS 0% CVSS 7.8
HIGH This Week

InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Installbuilder
NVD
EPSS 1% CVSS 7.5
HIGH This Week

InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Installbuilder
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Installbuilder
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy